Embedded Security Gateway

Internet Protocol Security (IPSec) is a kind of network security technologies which is widely used to protect the networks communication security from attacks and intrusions. Traditionally, Software-based implementation of the IPSec Protocol is very expensive as the network bandwidth increases rapidly. It will take a great lot of time to perform some complicated cryptological algorithms, and it results in the performance problem.Firstly, the IPSec protocol is analyzed. IPSec mechanism, security association, the Encasulation Security Palyload, the Authentication header and the IPSec data stream are discussed.Furthermore, a method of designing and implementing embedded security gateway of IPSec protocol based on network processor is proposed, according to analyze the design approach of security gateway products.The control panel tasks, including datagram encapsulation, security negotiation, key exchange and data panel tasks, which contain datagram encryption and message authentication are separated in IPSec protocol.According to the approach above, a scheme of implementing IPSec security gateway is also proposed. The implementation of gateway mainboard hardware system based on S3C2510 network processor and co-processor module based on FPGA are described. The research and development of gateway software system based on VxWorks operating system and the principle and implementation of IPSec VPN function based on WIND NET IPSec & IKE are also described.After VPN function is implemented, and the gateway data stream is analysed, a scheme of testing security gateway functions which is based on SmartBits 6000C network data test platform is proposed for evaluating the security gateway performance.